chore(deps): fix all 7 npm audit vulnerabilities

- vite: ^6 -> ^8.0.9 (fix path traversal GHSA-4w7w-66w2-5vf9)
- vitest: ^2 -> ^4.1.4 (transitive fixes via vite)
- @vitejs/plugin-react: ^4.3 -> ^6.0.0 (required voor vite@8 compat)
- Override fast-xml-parser naar ^5.5.7 voor alle transitive deps
  (upstream @thatopen/components 3.4.2 shipt nog kwetsbare 5.3.7)

Verificatie:
- npm audit: found 0 vulnerabilities (was: 1 high, 5 moderate, 1 low)
- npm run build: slaagt in 3.5s, 161 modules

Bekende pre-existing issue (niet upgrade-gerelateerd):
- bcfSlice.test.ts heeft 22 tests die addBcfIssue/getBcfStats aanroepen,
  functies die niet meer in de store staan na refactor in commit 95901d9.
  Separaat op te lossen.

Fixes #1 dependabot alert.

Author: jochem25

viewer/package.json

@@ -13,7 +13,7 @@
     "test:coverage": "vitest run --coverage"
   },
   "dependencies": {
-    "@thatopen/components": "^3.3.3",
+    "@thatopen/components": "^3.3.2",
     "@thatopen/components-front": "^3.3.3",
     "@thatopen/fragments": "^3.3.6",
     "camera-controls": "^3.1.2",
@@ -37,11 +37,14 @@
     "@types/react": "^18.3.3",
     "@types/react-dom": "^18.3.0",
     "@types/three": "^0.183.1",
-    "@vitejs/plugin-react": "^4.3.1",
+    "@vitejs/plugin-react": "^6.0.0",
     "jsdom": "^25.0.1",
     "typescript": "^5.4.5",
-    "vite": "^5.0.0",
-    "vitest": "^2.1.8"
+    "vite": "^8.0.9",
+    "vitest": "^4.1.4"
+  },
+  "overrides": {
+    "fast-xml-parser": "^5.5.7"
   },
   "keywords": [
     "ifc",